Atlanta | October 27, 2017
A paper presenting new methods of cyberthreat data visualization by Rosa Romero-Gomez won the Best Paper Award at the IEEE Symposium on Visualization for Cyber Security (VizSec 2017). The symposium took place on October 2 in Phoenix and was held in association with the IEEE InfoVis Conference.
Romero-Gomez is a postdoctoral researcher in the Georgia Tech School of Electrical and Computer Engineering (ECE). Her award-winning paper, entitled “Towards Designing Effective Visualizations for DNS-based Network Threat Analysis,” was coauthored by Yacin Nadji, a fellow ECE postdoctoral researcher, and ECE Assistant Professor Manos Antonakakis, who leads the Astrolavos Lab, serves as associate director of attribution for the Institute for Information Security & Privacy, and advises both Romero-Gomez and Nadji.
Romero-Gomez designed and developed an open-source threat console to help information security analysts and security researchers visualize DNS-based threat intelligence in order to better identify network threats. The console that she developed supports both proactive and reactive network threat analysis so that security analysts can better determine the volume of risks associated with an IP address, a geographical location, or an “autonomous system”/network (such as a domain name registrar, cloud service, or corporation).
"Our goal is to support analysts with large volumes and false positives so they can combine different data sources to understand the context," she explained. Analysts who are "threat hunting" may use a tree map visualization or a new type of cluster graph to explore suspicious domain names associated with "combosquatting." Analysts in reactive mode may search for a specific "indicator of compromise" (IOC) by date and type.
The console was evaluated by information security professionals: seven who provided in situ feedback and 31 who completed test demonstrations and surveys. This work is part of the Active DNS Project, which is funded by a $17-million award from the U.S. Department of Defense. The project’s website shows examples of how Romero-Gomez’s visualizations give contextual information about cyberthreats.
This article originally appeared on the School of Electrical and Computer Engineering website and has been supplemented with additional information.